Zambion has created this Privacy Policy because we value our users and recognise their right to keep personal information private. Zambion is dedicated to keeping personal information secure. This includes physical security, computer and network security, communications security and personnel security. For more information view our Security Policy.
This Privacy Policy describes how Zambion manages personal information of our end user customers. In this Privacy Policy, “we”, “our” and “us” are all references to ZAMBION PTY LTD ABN 46 142 754 809.
This Privacy Policy sets out our policy on the collection, use and disclosure of personal data of users of our Enterprise Web Applications and mobile applications (collectively, our “Cloud Services”) in accordance with our statutory obligations under the Privacy Act. It also describes:
If we decide to change this Privacy Policy, we will post those changes here so that you will always know what personal data we gather, how we might use that information, and whether we will disclose it to anyone.
We collect personal data that you give us, whether by email, telephone, in person, via application forms or otherwise. We may obtain personal data directly from third parties such as our resellers, related companies, installers, sales agents and any of their representatives. In addition, we may obtain personal data from public sources, where available. However, if it is reasonable and practicable to do so, we will collect personal data about an individual only from that individual.
If you enter and/or upload into the Cloud Services and/or otherwise provide us with personal data about any person other than you (including the personal data of any of your End Users), you must provide the information required by Australian Privacy Principle 5 to the relevant persons to whom the personal data relates.
We will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of our entity’s functions or activities and we will not collect sensitive information unless you consent to the collection and the sensitive information is reasonably necessary for one or more of our functions or activities, or we collect it pursuant to subclause 3.4 of the Australian Privacy Principles. Please notify us if you are not of old enough or not otherwise able to provide us with consent, and do not provide us with any consent for the purposes of applicable privacy law.
The personal data that we collect and how we use it is as follows:
We only disclose personal data to third parties who perform services on our behalf to the extent necessary for them to perform those services. We do not sell personal data to third parties for their own marketing purposes. We may disclose personal data that we collect for all or any of the following purposes:
To enforce our rights and defend any claims, we may also provide your personal data to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:
Zambion may include links to third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. Where an end user uses Zambion or the Cloud Services to provide personal data to a third party website or platform, the end user does so at its own risk. We do not warrant or represent that any third party website or platform operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal data to them. You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on Zambion. These widgets and tools may collect your IP address and other personal data. Your interaction with such widgets and tools, and any single sign-on services such as Open ID is governed by the privacy policies of the relevant social media operators and single sign-on service providers.
You can only browse limited pages of Zambion without registering as a subscriber of Zambion, such as the pages that generally describe the services that we make available through Zambion, and our About Us and Contact Us pages. However, when you subscribe to Zambion, we need to collect personal data from you in order to identify you and setup an account for you on Zambion. We will also collect personal data from you when you use the Cloud Services when you enter the personal data into Zambion, when you contact us for technical support and assistance with your account and when gathering analytics data about your use of Zambion. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our Cloud Services, but not if you wish to actually access our Cloud Services or any of our other services.
We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact end users. These transaction-based e-mails are automatically generated. Anytime an end users or visitor receives e-mail it does not want from us the end users can request that we not send further e-mail by contacting us via email at: [email protected]
We will not keep personal data in a form which permits identification of any person for longer than is necessary for the purposes for which the personal data is processed. We will only process personal data that you enter into Zambion , and only thereafter for the purposes of deleting or returning that personal data to you (except where we also need to retain the data in order to comply with our legal obligations. We will, following your cessation of use of the Cloud Services, at your option delete or return to you all of the personal data uploaded and/or entered into the Cloud Services by you. Where you requires that personal data to be returned, it will be returned to you after the end of the provision of services relating to the processing (“Processing Conclusion Date”), and we will thereafter delete all then remaining existing copies of that personal data in our possession or control as soon as reasonably practicable thereafter, but in any event not more than 30 days after the Processing Conclusion Date, unless applicable law requires us to retain the personal data in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws. Where required under the Privacy Act, we will destroy and/or de-identify personal data that we collect about you in accordance with our legal obligations
Subject to the provisions and exceptions set out in the Privacy Act, under the Privacy Act, you have a number of rights, including:
Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner, except where limited exceptions apply. We will notify you of any data breach that may affect you where we are required to do so in accordance with our legal obligations.
We will use our best endeavours to resolve any privacy complaint within 10 business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution. If you are not satisfied with the outcome of a complaint you make refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details:
Call: 1300 363 992
Email: [email protected]
Address: GPO Box 5218, Sydney NSW 2001